Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1565

local-kerberos can be removed/deprecated from authentication client

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Major
    • 1.3.2.Final, 1.4.0.Final
    • 1.2.4.Final
    • None
    • None

    Description

      As described in ELY-1541, obtaining GSSCredential using local-kerberos is redundant.
      If not credential is provided, GSS based authentication mechanims will obtain it hiself.

      When credential is not provided, kerberos-based mechanism will obtain appropriate GSSCredential from ccache himself.

      Note on both, Oracle [1] and IBM JDK [2] can be path to the ccache defined using KRB5CCNAME environment variable - no need to set any JAAS login options for obtaining.

      [1] https://bugs.openjdk.java.net/browse/JDK-6832353
      [2] https://www.ibm.com/support/knowledgecenter/en/SSYKE2_9.0.0/com.ibm.java.multiplatform.90.doc/user/compsec_jgss_kerberos.html

      Attachments

        Issue Links

          is related to

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) ELY-1357 GSSCredential CredentialSource (local-kerberos) into XML

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved
          relates to

          Bug - A problem that impairs or prevents the functions of the product. ELY-1541 local-kerberos CredentialSource does not work with IBM java

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              jkalina@redhat.com Jan Kalina (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: